Using Key and Trust Store Passwords in Keytool

Use the Java keytool command to manipulate key and trust stores.

To manipulate key and trust store passwords in keytool, you need both the key store password and the trust store password. Passwords saved in the Hadoop Credential Provider stores cannot be retrieved by using command-line utilities. They can only be retrieved from within Java applications.

Running the configure.sh utility with the -genkeys option creates the ${MAPR_HOME}/conf/store-passwords.txt file containing the clear-text key and trust store passwords. You need these passwords if you want to manipulate the key and trust stores using the Java keytool utility. It is a best practice to copy the ${MAPR_HOME}/conf/store-passwords.txt file to a safe place, and then delete it from the ${MAPR_HOME}/conf directory.

Each line of the ${MAPR_HOME}/conf/store-passwords.txt file contains the password in the following syntax:

password-property=password-value

The password-property is the value of the password property in ssl-server.xml and ssl-client.xml. The password-value is the clear-text password. For example:
# cat /opt/mapr/conf/store-passwords.txt
ssl.server.keystore.password=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.server.keystore.keypassword=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.server.truststore.password=4i0upzuDDUpvwpxb9_417gmfH0kvlB1w
ssl.client.truststore.password=4i0upzuDDUpvwpxb9_417gmfH0kvlB1w
ssl.client.keystore.password=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
ssl.client.keystore.keypassword=AxWJOT4K_Arc2apgcypzZps_hr5lyYNQ
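
The following shell functions are an added example, not part of the original documentation or of MapR's own tooling. They read one password-property from a file in the syntax above, move the file out of the conf directory as recommended, and pass the password to keytool through its -storepass:env modifier. The function names, the destination directory, and the store path given as an argument are assumptions.

```shell
#!/bin/sh
# Added example (not MapR code). Function names and all paths passed as
# arguments are hypothetical; sample values in any test file are constructed.

# Print the clear-text value of one password-property.
# $1 = store-passwords.txt path, $2 = property name
get_store_password() {
    awk -v prop="$2" '
        { sub(/[ \t\r]+$/, "") }                 # drop trailing blanks / CR
        index($0, prop "=") == 1 {               # literal match, no regex on dots
            print substr($0, length(prop) + 2)   # everything after the first "="
            found = 1
            exit
        }
        END { exit !found }                      # non-zero if property is absent
    ' "$1"
}

# Copy the file to a private directory, verify the copy, then delete the original.
# $1 = source file, $2 = destination directory (assumed to be root-only storage)
stash_store_passwords() (
    umask 077                                    # new dir and copy are owner-only
    mkdir -p "$2" || exit 1
    cp "$1" "$2/store-passwords.txt" || exit 1
    cmp -s "$1" "$2/store-passwords.txt" || exit 1
    chmod 600 "$2/store-passwords.txt" || exit 1
    rm -f "$1"
)

# List a store with keytool, handing the password over through the environment
# (-storepass:env) so it does not appear in the process argument list.
# $1 = passwords file, $2 = property name, $3 = key or trust store path
list_store() (
    pass=$(get_store_password "$1" "$2") || exit 1
    STOREPASS=$pass keytool -list -keystore "$3" -storepass:env STOREPASS
)
```

Because the property name is matched up to the "=" sign, ssl.server.keystore.password and ssl.server.keystore.keypassword are never confused with each other.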